Love it! This is what Microsoft promised when IE8 was released and it looks like they're following through.

That was really a test of the browser vendors' respective threat publishing networks. Have there been any recent tests of the actual browsers' security -- i.e. what happens after you click a link to malicious content?

Microsoft paid for the "test", according to Amy
Barzdukas, General Manager of Internet Explorer.
Maybe the fact that Microsoft was behind the test
in the reason they tested against an older version
of Safari, and that they threw out the results
showing that IE was so vulnerable to drive by
downloads. Other media have been reporting on how
bogus the "test" was for at least a week.

And what about Firefox3.5.1 with NoScript, Adblock Plus and DrWeb anti-virus link checker? IE8 is still playing catchup.

IE8 running stock compared against Firefox with a bunch of third-party add-ons. Right. Totally un-biased there.
I wonder if there's any coincidence that the browsers that fell to IE8's "superiority" did so in order of their relative market share? >_

I dumped IE for Firefox a long time ago, now it looks like I might have to give IE another go. I wonder if there is a NoScript, or AdBlock like feature for IE?

@William,

Once you click a link, the browser should execute your desires. What happens next should be contained by the operating system, not the browser. I would like it if the browser was inside some sort of container, but it would raise the issue of what to do with updating software, where downloads go, and how to tell software you installed vs. self installing helper solfware (eg, Google Updater), vs. malware.

Yes, IE8 is so secure it blocks most of the online freight tracking software we use at my work - we had to roll-back to IE7 on all the affected machines to continue operating.

And it tries to install itself every time Windows Automatic Updates runs, so you have to teach users to choose not to allow the update every month.

And it trashes up the menus on my personal website.

I'm checking into whether Microsoft underwrote the test. I reviewed the pretest parameters and the post-test reports, none of which indicated any outside sponsors.

There's always room for a healthy degree of skepticism when it comes to the security of Microsoft products. Even if we want to split hairs over which version should have been tested, the strong performance of IE8 does reflect the effort Microsoft has placed in improving the security of its software.

This is old news. Microsoft did, in fact, underwrite these tests. It is no surprise of the results.

http://www.networkworld.com/news/2009/081309-microsoft-ie8-browser-security.html?fsrc=netflash-rss" rel="nofollow"

GrumpyNoMore: compatibility view, hide update, and better code would likely fix everything in minutes.

As for the article, this is not a security test as much as it is a comparison of phishing feeds. I don't doubt the result of the study but it is meaningless.

IE protected mode is real security; other browsers still lack that type of function. Plugins are (and have been for some time) the gaping security hole in browsers. The number of active exploits in flash, java, and adobe reader alone are outrageous. The only plugin I keep enabled in firefox is flash which is limited by the flashblock extension. A bit of trust for the extension maintainer is still required however.

But I don't care about all that. IE is the most secure browser at the moment but it remains the lowest common denominator for support of relevant web technologies and standards. It is depressing that IE will never implement support for SNI (which could vastly consolidate IP address space) or HTML5 (even though microsoft's terrible implementation of HTML was the primary impetus for its creation).

IE is keeping the progress of the web down and the only way to eliminate it is by countering the campaign of misdirection with a campaign of raving hatred since the masses are only interested in the headlines. This is a battle of propagandized public opinion that cannot be fought with rational argument.

hrm.. i dont think ie8 comes on linux.. linux, mac, no viruses.. so dont use windows.

The thing is, when a MAC catches a virus, you have no idea that you even have it! That's the effect of the brilliance of a MAC user who thinks his/her system is invulnerable.

Same goes for Linux distros.

I've used (and use) them all (Windows, OSX, Linux [Ubuntu, CentOS, Redhat]). Mac and Linux are more secure from threats largely because they represent such a small fraction of the OS user-base and malware developers are ignoring them. If OSX or any distro of Linux held a significant % of the base end-users that Microsoft has, they would need malware scanners just like Windows users.

Wow, they used Chrome v2????! Chrome is on version 4. This is like comparing Internet Explorer 4 instead of Internet Explorer 8.

Did some quick research, NSS Labs was hired by... you guessed it: Microsoft's Online Security Engineering Team. Here's the link: (http://arstechnica.com/microsoft/news/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure.ars)